source: TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/xacml/esgf_ext.py @ 7698

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/xacml/esgf_ext.py@7698
Revision 7698, 7.0 KB checked in by pjkersha, 10 years ago (diff)

Integrated SAML ESGF Group/Role? attribute value type into SAML Attribute Authority client unit tests.

Line 
1"""NDG Security
2
3Extensions for Earth System Grid Federation Group/Role Attribute Value type
4"""
5__author__ = "P J Kershaw"
6__date__ = "01/11/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__contact__ = "Philip.Kershaw@stfc.ac.uk"
9__license__ = "BSD - see LICENSE file in top-level directory"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = "$Id$"
12import logging
13log = logging.getLogger(__name__)
14
15from ndg.xacml.core.functions import functionMap
16from ndg.xacml.core.functions.v1.bag import BagBase
17from ndg.xacml.core.functions.v1.at_least_one_member_of import \
18    AtLeastOneMemberOfBase
19from ndg.xacml.core.attributevalue import (AttributeValue,
20                                           AttributeValueClassFactory)
21from ndg.xacml.parsers import XMLParseError
22from ndg.xacml.parsers.etree.attributevaluereader import (
23                                                DataTypeReaderClassFactory)
24from ndg.xacml.parsers.etree import QName
25from ndg.xacml.parsers.etree.attributevaluereader import (
26                                                DataTypeReaderClassFactory,
27                                                ETreeDataTypeReaderBase)
28
29
30class ESGFGroupRoleAttributeValue(AttributeValue):
31    """Earth System Grid Federation Group/Role Attribute Value type
32   
33    Attributes have the concept of a different groups and within those groups
34    roles indicating a function or privilege
35   
36    @cvar IDENTIFIER: DataType for this attribute value type
37    @type IDENTIFIER: string
38    @cvar TYPE: Realisation as a Python type
39    @type TYPE: string
40    @cvar GROUPROLE_ELEMENT_LOCAL_NAME: XML element name for this type
41    @type GROUPROLE_ELEMENT_LOCAL_NAME: string
42    @cvar GROUP_ELEMENT_LOCAL_NAME: name of group XML sub-element
43    @type GROUP_ELEMENT_LOCAL_NAME: string
44    @cvar ROLE_ELEMENT_LOCAL_NAME: name of role XML sub-element
45    @type ROLE_ELEMENT_LOCAL_NAME: string
46    @cvar ROLE_DEFAULT_VALUE: default value for role name
47    @type ROLE_DEFAULT_VALUE: string
48    """
49   
50    IDENTIFIER = 'groupRole'
51    TYPE = tuple   
52    GROUPROLE_ELEMENT_LOCAL_NAME = 'groupRole'
53    GROUP_ELEMENT_LOCAL_NAME = 'group'
54    ROLE_ELEMENT_LOCAL_NAME = 'role'
55    ROLE_DEFAULT_VALUE = 'default'
56   
57    __slots__ = ('__group', '__role')
58   
59    def __init__(self):
60        """Add additional attributes to AttributeValue base type"""
61        super(ESGFGroupRoleAttributeValue, self).__init__()
62        self.__group = None
63        self.__role = self.__class__.ROLE_DEFAULT_VALUE
64       
65    @property
66    def group(self):
67        """@return: group name
68        @rtype: basestring / NoneType
69        """ 
70        return self.__group
71   
72    @group.setter
73    def group(self, value):
74        """@param value: new group value to set
75        @type value: basestring
76        """
77        if not isinstance(value, basestring):
78            raise TypeError('Expecting string type for "group" attribute; got '
79                            '%r' % type(value))
80           
81        self.__group = value
82         
83    @property
84    def role(self):
85        """@return: role name
86        @rtype: basestring
87        """ 
88        return self.__role
89   
90    @role.setter
91    def role(self, value):
92        """@param value: new role value to set
93        @type value: basestring
94        """
95        if not isinstance(value, basestring):
96            raise TypeError('Expecting string type for "role" attribute; got '
97                            '%r' % type(value))
98       
99        return self.__role
100   
101    @property
102    def value(self):
103        """Override default value property to give custom result.  Also,
104        'value' becomes a read-only property.  Making this change is critical
105        to the function of the GroupRoleAtLeastOneMemberOf class below - it
106        relies on being able to make comparison of the value attribute of
107        different GroupRoleAttributeValue instances.  Defined this way,
108        comparison is by group,role to group,role tuple
109        """
110        return self.group, self.role
111   
112
113class ESGFGroupRoleBag(BagBase):
114    """Bag function for Earth System Grid Federation Group/Role custom attribute
115    value type"""
116    TYPE = ESGFGroupRoleAttributeValue
117    FUNCTION_NS = 'urn:esg:security:xacml:2.0:function:grouprole-bag'
118
119 
120class ESGFGroupRoleAtLeastOneMemberOf(AtLeastOneMemberOfBase):
121    """At least one member of function for Earth System Grid Federation
122    Group/Role custom attribute value type"""
123    TYPE = ESGFGroupRoleAttributeValue
124    FUNCTION_NS = ('urn:esg:security:xacml:2.0:function:'
125                   'grouprole-at-least-one-member-of')
126
127   
128class ETreeESGFGroupRoleDataTypeReader(ETreeDataTypeReaderBase):
129    """ElementTree based parser for Earth System Grid Federation Group/Role
130    attribute value data type"""
131   
132    @classmethod
133    def parse(cls, elem, attributeValue):
134        """Parse ESGF Group/Role type object using ElementTree
135
136        @param obj: input object to parse
137        @type obj: ElementTree Element, or stream object
138        @return: ElementTree element
139        @rtype: xml.etree.Element
140        """
141        if len(elem) != 1:
142            raise XMLParseError("Expecting single groupRole child element but " 
143                                "found only %d element(s)" % len(elem))
144                     
145        groupRoleElem = elem[0]
146       
147        if (QName.getLocalPart(groupRoleElem.tag) != 
148            attributeValue.__class__.GROUPROLE_ELEMENT_LOCAL_NAME):
149            raise XMLParseError("%r element found, expecting \"%s\" element " 
150                        "instead" % 
151                        attributeValue.__class__.GROUPROLE_ELEMENT_LOCAL_NAME)
152       
153        # Allow for any of the defined Expression sub-types in the child
154        # elements
155        for subElem in groupRoleElem:
156            localName = QName.getLocalPart(subElem.tag)
157            if localName == attributeValue.__class__.ROLE_ELEMENT_LOCAL_NAME:
158                attributeValue.role = subElem.text
159               
160            elif localName == attributeValue.__class__.GROUP_ELEMENT_LOCAL_NAME:
161                attributeValue.group = subElem.text
162               
163            else:
164                raise XMLParseError('%r ESG Group/Role sub-element not '
165                                    'recognised' % localName) 
166
167
168def addEsgfXacmlSupport():
169    """Add custom Earth System Grid types to XACML Classes.  This includes
170    the Group/Role Attribute type, and associated ElementTree based parser,
171    and XACML bag and at least one member functions
172    """
173   
174    # Add Group/Role type
175    AttributeValueClassFactory.addClass(ESGFGroupRoleAttributeValue.IDENTIFIER, 
176                                        ESGFGroupRoleAttributeValue)
177   
178    # Add new parser for this type
179    DataTypeReaderClassFactory.addReader(ESGFGroupRoleAttributeValue.IDENTIFIER,
180                                         ETreeESGFGroupRoleDataTypeReader)
181   
182    # Add extra matching and bag functions
183    functionMap[ESGFGroupRoleBag.FUNCTION_NS] = ESGFGroupRoleBag
184    functionMap[ESGFGroupRoleAtLeastOneMemberOf.FUNCTION_NS
185                ] = ESGFGroupRoleAtLeastOneMemberOf
Note: See TracBrowser for help on using the repository browser.